{#
 This Source Code Form is subject to the terms of the Mozilla Public
 License, v. 2.0. If a copy of the MPL was not distributed with this
 file, You can obtain one at https://mozilla.org/MPL/2.0/.
#}

{% extends "security/base.html" %}

{% block page_title_suffix %}{% endblock %}
{% block page_title %}Mozilla Security{% endblock %}
{% set body_id = "security-index" %}

{% block article %}
  <header>
    <h1 class="mzp-c-article-title">Mozilla Security</h1>
  </header>

  <p class="intro">Whether you’re using the Web or checking your email, you care about your security and privacy. At Mozilla we understand the importance of security. Here you will find alerts and announcements on security and privacy issues, general tips for surfing the Web and using email more securely, more information about how we maintain and enhance the security of our products, and useful links for developers.</p>

  <ul class="links">
    <li>
      <h4><a href="{{ url('security.advisories') }}">
        Mozilla Security Advisories
      </a></h4>
      for all products
    </li>
    <li>
      <h4><a href="{{ url('security.known-vulnerabilities') }}">
        Known vulnerabilities
      </a></h4>
      listed by product
    </li>
    <li>
      <h4><a href="{{ url('security.bug-bounty') }}">
        Security Bug Bounty Program
      </a></h4>
      Mozilla's Security Bug Bounty Program for security issues
    </li>
    <li>
      <h4>
        <a href="https://blog.mozilla.org/">The Mozilla Blog
      </a></h4>
      announces all of our releases
    </li>
    <li>
      <h4><a href="https://blog.mozilla.org/security/">
        The Mozilla Security Blog
      </a></h4>
      features security-related articles about Mozilla products.
    </li>
  </ul>

  <section id="updates">
    <p>The latest security updates will be delivered to most users
      automatically. Users who have turned off automatic updates can use the
      "Check for Updates..." item on the Help menu. If the menu item is disabled
      your account does not have sufficient privileges to update Firefox--contact
      the person who installed Firefox on your machine. Additional help is also
      available through our <a href="https://support.mozilla.org/">Community
        Support</a> site.</p>
  </section>
  <section id="browsing">
    <h2 id="Tips_for_secure_browsing">Tips for Secure Browsing</h2>

    <ul class="mzp-u-list-styled">
      <li>Always use the most current version of your
        <a href="/firefox/">browser</a>.
      </li>
      <li>Check for the "lock" icon on the status bar that shows that you
        are on a secured web site. Also check that the URL begins with
        "https" in the location bar when making transactions online.
      </li>
      <li>In the Tools menu of Firefox, Tools &gt; Options... &gt; Privacy,
        you can clear your information with one click of a button. This
        is especially useful when using a computer in a public location.
      </li>
      <li>Perform transactions (like shopping or submitting personal
        information) at sites that are well established and that are familiar
        to you. If you're not familiar with a site, make sure that the
        site has a privacy policy and information about the site's security
        measures.
      </li>
    </ul>
  </section>

  <section id="email">
    <h2 id="Tips_for_using_email_securely">Tips for Using Email Securely</h2>

    <ul class="mzp-u-list-styled">
      <li>Be aware that it is extremely easy for someone to forge an email
        message to make it appear as if the message has been sent by your bank,
        a software vendor (e.g., Microsoft), or another entity with whom you do
        business. If a message requests that you send your password or other
        private information, or asks that you run or install an attached file,
        then it is very likely that the message is not legitimate. When in
        doubt, just mark the message as "junk" and delete it.
      </li>
      <li>Be cautious when clicking on links sent to you in email messages.
        If you do click on such a link, double-check the name of the site as
        shown in the location bar of the browser, and be especially careful if
        the site name displayed is an IP address (e.g., "192.168.25.75")
        instead of a domain name (e.g., "www.example.com"); in the former case
        it is very likely the site is not legitimate. Don't enter any personal
        information into forms displayed at such a site, and if you have any
        concerns whatsoever about your security, just close the browser window.
      </li>
    </ul>
  </section>

  <section id="developers">
    <h2 id="For_Developers">For Developers: Contacting Mozilla</h2>

  <p>Report security-related bugs and learn more about how we secure our
    products:</p>

  <ul class="mzp-u-list-styled">
    <li><strong>If you believe that you've found a Mozilla-related
      security vulnerability, please report it by sending email to the
      address <a href="mailto:security@mozilla.org">security@mozilla.org</a>.</strong> Note that your report may be
      eligible for a reward; see below.
    </li>
    <li>For more information on how to report security vulnerabilities
      and how the Mozilla community will respond to such reports, see our
      <a href="{{ url('mozorg.about.governance.policies.security.bugs') }}">policy
        for handling security bugs</a>.
    </li>
    <li>We want to make Mozilla products and sites as secure as possible, and wish to encourage research, study, timely disclosure, and rapid fixing of any serious security vulnerabilities. We've established a <a href="{{ url('security.bug-bounty') }}">Security Bug Bounty Program</a> to reward people who help us reach that objective.
    </li>
    <li>Mozilla-based products include a default list of CA certificates
      used when connecting to SSL-enabled servers and in other contexts. If you
      are a CA and would like your CA certificate(s) considered for inclusion
      in Mozilla, please see the <a href="{{ url('mozorg.about.governance.policies.security.certs.policy') }}">
        Mozilla CA certificate policy</a>.
    </li>
  </ul>
</section>

  <p>Press Contact: send mail to <em>press</em> at <em>mozilla dot com</em>.</p>

  <p id="pgpkey">The PGP key for <a href="mailto:security@mozilla.org">security@mozilla.org</a> below can be used to send encrypted mail or to verify responses received from that address.</p>

  <div class="pgp-key">
<pre>
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGcpoSsBEADB5DcvUh0Q7tC0AGWm1pFRY989pHq3whbV+svnx1oYMj5vnBYm
+4nxthXrBbOOQTTfCj09gMdyAT1z/+9s+HJB1vU4xsndXYHLTJ1e6VfE+uwgMe/v
fW7BLleCdeaZdsvtjZqYcARr9oa5hJwxIypFEWzkgYFFczdh0LMG4lobsCOjXfsm
kUzQRh58eqwPTM3ZEo23gzVfQBhqRVvNrfYvtXoDRsUmOSseLN2DJRYLOW1zbpuf
KqK9nc/e/tkvyecXBpP+BkLf9AZ+pD23n5pS/YXVIfi2+G0dNS/UMU9PdoSuIN1v
0SRTrWQCHqAnsmf11D1CoWHEG2l7cV4a5xksNyK3GjPVcf+vvB3sV/cKgbv9XB8C
EV50JLrU85wpbpxIJGuu5Ho82lNqjiuEjwNsqVFwiIJUYaLSVkyFT/JO1TfXSDQw
mEBK2MIhd7ORlDU7X2K4mOtggyzNdRz60ini3b6u0kZ3a/aW9yHDBYufPL1HAJpX
L0zjD/n8ozOTunQuxuWtBN2J2v8KJeBVjgHiWMC1c5JcBekx6z7no6bkeZwR6Mug
2JNcZhtuYrqUxtegnUpM7tcfRhKHsgn5sJ8ci7PsYl43KE1gPD+tJ7ag07aahvN5
q/wEAbukRWK6NpAOaKzZQLynkaUzzns3KbNeIogm/x8MDevCh60BoJnXSwARAQAB
tCdNb3ppbGxhIFNlY3VyaXR5IDxzZWN1cml0eUBtb3ppbGxhLm9yZz6JAlQEEwEK
AD4WIQSt77LiRX23NxoDE0unzZnaZOne1wUCZymhKwIbAwUJBaOagAULCQgHAwUV
CgkICwUWAgMBAAIeAQIXgAAKCRCnzZnaZOne1xKKD/47wsc6e/20cYAuy8M0LKn6
fCT05+OJVVanznzRc0C//H9FWJYsxydPoABLrSZlawnSbAsAvsYLprKNbSMzKC6q
GuhO4AYS2sF3kVY27xI14wua4+BkzYaSv8Kozkbz6sJPINo93P+Qr5KmPav5eJ6Y
ZaXmfr9Xqp1b8d2KyTaNRChZ0ge+BLfmAMagskONCRS5swf6/1Mbn6FWpZLMoUtp
/N9eJLDJapocpZ1FlCn7R5Q0jWsJfv80uxuCCMwtwQZrBagh+yU9gwcYexp6aQep
lhtSQJrpebzxXaXKJBgTLML9rHJBez1O/Fs/JUmrdKZz35CCCB9hDVd9Xg9/qePZ
EsOA9NXgW5LRbCVq7Euz6E8HVe1EsdtBaLxcdwkPbm0UgI0QjvPJJgbTKzeCNbBi
EOrrJ283S+1UfAfmdWvW5hTTFvI7r5CIC3CD2XS7MOBgmyeKBlJNAcCJTMrCEGTb
p0XwDfufJE2eMKfXyolNmM836UwS1yNUY6t9BKZPFNJaLljgvUIKngIOwnITFqIo
55YGMrCCFyR9QYH2B6MSSno+d8OCrClvLqRIt4LKzfdW3VRHD03X5kQAnX8z3TDj
vy20ZlRhzZxzHBdgX67H5VxaNh+z8inCmUfaACyRwWn0dzJRkBhZTcjMJZAxQLTu
C0mYP8bqAtnWxV3OTXF99rkCDQRnKaErARAAvZyoXDRdfFqUcc4WLtMBccwIrLxU
JFoTwE+LgzWrZt7d+oXQogufSGPJ2Zqpml989PoX6DSti7M3EiZXkwNF3XLuXMdv
PwyDpkvRjhUhra1D9DOrorH55Q7gouaJnBxWpW49gEatQWYJPjAIgyjAlQrn54Lb
1weNRBCDNvX5BpsQP9C8qcSA1oHq4u36ogDNfq6Zfm/6dSOOqPf+AN/gp+WwydfD
Bq4lUGvWJj1k/Q+XbSVfo5Jb8lOvhsTd+2xVDcXoQt6KmkBLGVqNNcaodqFtyww8
kdHe3aa45tTfQt+g6KqfYLq93e+frvnMMEGJ6dm4dHOsxLNau11tH+o52qjkmW7J
T5V6rpVHaAUnhh3BIb6pPjHOV2r9V4qw/J+WI9sEWegHfi0CmB/a7qi4ZEmdPuvB
yvTJ+4rlbfTaLRnb089FetYp/IzgvAf3zoICxE9doigDLrDwtqgvjogtogV+4rE0
GUB/mVzT+ev6r1uXySNkqnuZ3zyPlu29JoBcb2ELjVxe5lXmIyvPG8d1Aldxc49N
VNdZ/r9D9J5bfDRTPc+yZ3XQeomcTwcbNGYn0oHH0bnH05PwSu2XS14RIOG5PHYc
bPAT3MyzpNYAB3uSiKkuekVM152oKTPgTa5PqFoqT6g4LqPkkLq+GAZSyl6lS8L7
X+X4T9CpNugf+gcAEQEAAYkCPAQYAQoAJhYhBK3vsuJFfbc3GgMTS6fNmdpk6d7X
BQJnKaErAhsMBQkFo5qAAAoJEKfNmdpk6d7XWSUP/1zdDiW/2/UI8hns+gDri3mh
hNjT0EqFQ/VwzN8n05/uuxba09xjo2f0cqIwUHQZ2boeAkYKWyGtPV8sYGrfIT1U
A6ev3S0fX0ARFXDGgLLBPwmfkbu+1U/ALmLW87Zok598TWvxXL3KFkuyjjjwHozE
zmecNkvkTfn3h86VHSlIDewZ8U4z29gvJeDDe8z4jDZWwth+VyvIzk8jVxKqggvT
7g7WajBRl62jL0pxHzFmCuyChZ0MmfQUJoecj3Res0WDYMP7lL2xjtSRT+zsmGIU
N6xB4bDJ38FuUBuL1RF0zsguOKMHQvatVlYvPjfWL6gNSuZhA7bgtEVzrflq2yKw
EYYL9UgDZI/QOSunUQo5OgoAww8i8sarHX/O33EDdbWN8R+VUTU7i/iOeZySx2Tg
JvnzGh72NeOmFjRmvm9SiLhIBie4JQAr0JoqLElLoHt5ZnShuOcY/jRJ6oFsxzPm
EmBAULvvbz1qJ2WSy/Mm/iEB9Eu7PxTihSpujYH0zMyud7DVwoF3sQ4bLavvnsU4
+mefGMDxS2xSxj54IeKyGSOyS5M/+b3Jzt3fkgPQ3MP7jiZcxDrjF614ldmycX/A
LRKEYUWtFnbKzNhT6kPXVZwtuFp7j65pteUoK3XDrfR8zPFS91lulCA+zPSyjs4X
q/jdznvsSsbmsw+exOBt
=NDRA
-----END PGP PUBLIC KEY BLOCK-----
</pre>
  </div>
{% endblock %}
